From: Patrick McHardy
Sent: 1/9/2006 4:24:18 PM
> Kris Katterjohn wrote:
> > This makes the filter length in sk_chk_filter() unsigned as it should be.
> >
> > Signed-off-by: Kris Katterjohn <[EMAIL PROTECTED]>
> >
> > This is a diff from 2.6.15.
> >
> > The length should never be negative, and if the length were negative, the
> > for loop would fail.
> >
>
> > - if (ftest->k >= (unsigned)(flen-pc-1))
> > + if (ftest->k >= flen - pc - 1)
>
> NAK. The subtraction makes the whole expression signed, so
> a very large ftest->k is interpreted as a negative number
> and passes the test.
Okey-dokey. Against git5:
--- x/net/core/filter.c 2006-01-09 12:17:03.000000000 -0600
+++ y/net/core/filter.c 2006-01-09 18:19:07.000000000 -0600
@@ -289,10 +289,10 @@ load_b:
*
* Returns 0 if the rule set is legal or a negative errno code if not.
*/
-int sk_chk_filter(struct sock_filter *filter, int flen)
+int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
{
struct sock_filter *ftest;
- int pc;
+ unsigned int pc;
if (flen == 0 || flen > BPF_MAXINSNS)
return -EINVAL;
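Review bot: the resend drops the changelog and Signed-off-by, and the one behavioural change in this hunk, at the `if (flen == 0 || flen > BPF_MAXINSNS)` context line, is not described anywhere. With `int flen` a negative length got past that check; with `unsigned int flen` it converts to a large value and is rejected by `flen > BPF_MAXINSNS`, which is worth stating as the purpose of the patch. The hunk also no longer touches the `ftest->k >= (unsigned)(flen-pc-1)` line from the first version: say explicitly that the cast is kept, and note that with `flen` and `pc` both unsigned it becomes a no-op, so keeping or dropping it should be a deliberate choice.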
--- x/include/linux/filter.h 2006-01-09 12:16:58.000000000 -0600
+++ y/include/linux/filter.h 2006-01-09 18:19:28.000000000 -0600
@@ -145,7 +145,7 @@ struct sock;
extern unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter
*filter, int flen);
extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk);
-extern int sk_chk_filter(struct sock_filter *filter, int flen);
+extern int sk_chk_filter(struct sock_filter *filter, unsigned int flen);
#endif /* __KERNEL__ */
#endif /* __LINUX_FILTER_H__ */
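Review bot: the `sk_run_filter()` prototype in the context lines just above the changed declaration still takes `int flen`, so after this hunk the checker and the interpreter disagree on the type of the same length. Either convert `sk_run_filter()` and its definition in the same patch, or explain in the changelog why only `sk_chk_filter()` changes. Any caller that holds the length in an `int` will now convert implicitly at the `sk_chk_filter()` call, so the callers should be checked as part of this change.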